Why is User PII Data Collected?

Movere has two separate modules. The first, referred to as the Multiple User Interface is a two-factor authentication gateway through which Movere users enter their tenancy (customer), or tenancies (partner), that they are authorized to access. The second is the Movere research platform through which users access and interact with the data collected via the Movere Console. User PII data is collected in both modules.

For the purposes of GDPR and data privacy, all data collected via the Movere Registration Process and through the Multiple User Interface (MUI) is Movere Controller data and data collected via the Movere Console and its components, including the Inventory and Actual Resource Consumption (ARC) Bots, is considered Movere Processor data.

Multiple User Interface (MUI)

User PII data collected in the Multiple User Interface is used to create each user’s Movere account. The first item is the user’s corporate email address, which serves two purposes. The first is the invitation process. Users can only be invited via a corporate email address, into the Movere platform. The email address used then serves a second purpose, which is the user’s Movere ID. This is pre-populated in the Movere registration page and cannot be changed.

During the registration process, the user is asked to provide the following data points:

First and Last Name;

Job Title; and

City, State, Country and Postal Code.

These data points ARE NOT mandatory; these items are only requested to simplify user administration. For example, it is easier to identify system or database administrators if the job title field is completed accurately versus inserting a value like ‘blank’:

To complete the registration process, users are also asked to provide:

A Phone Number country code which can be either a land line or mobile device (this is the number the SMS confirmation code will be sent to); and

The Password they want to use to access

These data points ARE mandatory and failure to provide a valid phone or password that satisfies Movere’s minimum password com- plexity rules will prohibit the user from accessing the Movere platform.

NOTE: Nobody other than the user can specify what their password is, i.e. a user cannot ask a tenant administrator to set their password for them. Tenant administrators can only force the user to reset their password the next time they log in.

The registration page also includes an inline password strength indicator to guide the user’s password creation. Passwords must meet the following complexity requirements:

Only contain standard alpha-numeric characters and common symbols;

Be at least six characters long;

Use both upper and lowercase letters;

Include at least one number; and

Include at least one special

Movere Console

User PII data collected via the Movere Console comes from several separate sources (refer below). This data is owned by the cus- tomer and customers can use it for any desired purpose, as such NONE of the PII data points collected via the Movere Console are considered mandatory. Therefore, it is important to understand why these data points are collected.

Movere is an automated data integration platform. Data collected from Active Directory is automatically integrated with data collected from sources such SCCM, vCenter and SharePoint. However, Movere is not dependent on any one source of data. For example, devices can still be targeted and scanned without querying Active Directory. Actual Resource Consumption data can be collected from Windows and Linux Servers without querying the hypervisor(s) they reside on, and asset management systems like SCCM, Altiris, LANDesk, LanSweeper and BigFix can be queried without having to scan all Windows devices.

While Movere can be used to collect and process data from each of these sources independently, it is the automated integration of these disparate data sources coupled with the presentation via visualizations with associative dimensions that converts the raw data into actionable information.

While User PII data is collected by the Movere Console for a multitude of reasons, some of the most common uses include the identification of:

The primary user of each device;

Stale user accounts;

Users logging into a domain outside of the domains password reset policy;

External parties g. contractors, consultants etc. who have been given user accounts that are no longer being used or have never been logged into;

Users connecting directly to specific SQL databases;

Office 365 subscriptions assigned to users who have been blocked from signing in;

Users with products on their primary device which are inconsistent with their job title g. Visual Studio on a Sales Representative’s device;

Mobile devices actively synchronizing with mailboxes they should not be connecting to;

Employee versus non-employee accounts based on employee ID or number;

SharePoint sites that are no longer being used;

How and when a user last logged into a device;

The administrator(s) of systems that are no longer in use and could be decommissioned;

Devices registered to other

Avoiding User PII and the Consequences

Registration and access to Movere requires a valid corporate email address and phone number. Failure to provide these items will prohibit the user from accessing the Movere website. Failure to provide the non-mandatory items including first name, last name, job title etc. may complicate the administration of user account for the customer, but will not prohibit the user from accessing the Movere website.

In the ‘User PII collected via the Movere Console’ section below we have identified the User PII data points Movere gathers from each source i.e. Active Directory, Office 365, SharePoint etc. There is no way to exclude individual data points when collecting data from these sources via the Movere Console. The only way to avoid collecting User PII from a specific source is to not target that source

i.e. do not query Active Directory, do not query Office 365, do not query SharePoint. The consequences from not collecting data from these sources only impacts the customer, which is why they are not mandatory. If they are not collected, then the customer cannot use Movere to research the deployment and use of these products.

User PII Collected via the Movere Multiple User Interface

Profile

Description

First Name

The first name the user entered when completing their Movere registration

Last Name

The last name the user entered when completing their Movere registration

Job Title

The job title the user entered when completing their Movere registration

City

The city the user entered when completing their Movere registration

State/Province

The State/Province the user entered when completing their Movere registration

Country

The Country the user entered when completing their Movere registration

Postal Code

The postal code the user entered when completing their Movere registration

Email

The corporate email address the user’s Movere invitation was sent to (cannot be changed)

Phone Number Country Code

The Country code for the phone number the user provides for two-factor authentication